Modern vehicles utilize many Electronic Control Units (ECUs) to control operations of components such as engines, powertrains, transmissions, brakes, suspensions, onboard entertainment systems, communication systems, and the like. ECUs control basic operations of modern vehicles, from power steering to breaking to acceleration. In addition, ECUs control numerous add-on and analytical features in vehicles. For example, some cars may be equipped with ECUs configured to collect and analyze driving data, which may be provided to insurance companies to determine insurance premiums. Some cars may be equipped with ECUs configured to enhance the driving experience, and some may be equipped with ECUs configured to provide advanced (or automated) driving assistance.
As ECUs continue to increase in complexity and sophistication, managing software performance, upgrades, and bug fixes on ECUs is becoming a challenge. Currently, there are roughly 60 to 70 ECUs in an average car (and roughly 180 ECUs in a luxury car). These ECUs correspond to tens of millions of lines of code. Maintaining the code is becoming increasingly difficult. Moreover, highly sophisticated software tends to be more prone to vulnerabilities such as software bugs, glitches, and calibration problems. Manufacturers or developers of ECUs may wish to promptly fix these vulnerabilities as soon as they are discovered.
A further type of vulnerability in ECUs relates to ECU errors or faults. An ECU error may be, for example, a runtime error, stack overflow, stack underfloor, etc. An ECU fault may be, for example, a deviation in the normal or expected operation of an ECU (e.g., performing a function a certain number of times per time interval, but then “drifting” to perform the function a different number of times, either suddenly or slowly over time). Slowly implemented drifting in the execution of ECU software can be a particularly difficult problem, since it is hard to immediately detect given the lack of any obvious signs of changes to the ECU's operation.
One approach to address these vulnerabilities in affected vehicles is to issue a recall. However, recalls can be time-consuming, and they do not provide any assurance that the affected vehicles will be fixed in a timely manner. Alternatively, manufacturers or developers may attempt to provide fixes to the affected vehicles through on-board diagnostic (OBD) ports or over-the-air (e.g., using various types of wireless communication techniques). Nevertheless, OBD ports are themselves attack surfaces for vehicles, and over-the-air fixes are typically inefficient, inconvenient to the vehicle owner, and prone to introduce yet additional bugs.
Moreover, current attempts of OBD and over-the-air update techniques still have limitations in terms of time and space efficiency. For example, current attempts of over-the-air-update techniques require the manufacturer to distribute a new version of the entire ECU software as a replacement package to the affected vehicles. When the replacement package is received by an affected vehicle, the affected vehicle is required to store the replacement package into a spare memory space a memory space not used by the ECU), erase the current version of the ECU software from the memory space used by the ECU, copy the replacement package from the spare memory space into the memory space used by the ECU, and restart the ECU so it can load the new version of the ECU software. This is virtually impossible in ECUs, due to significant storage space limitations and the interruption to the functioning of the ECU. ECUs are nearly full with existing software and data already, and have very limited available storage space for new software or data. Further, there are significant cost limitations associated with providing new software to ECUs. Moreover, interrupting the processing flow of an ECU can be inconvenient or very dangerous, depending on the role of the ECU and the conditions of the vehicle.
There is thus a need for technological solutions to generate, receive, and process update packages for updating software on ECUs without the aforementioned shortcomings. In particular, there is a need for solutions for updating a vehicle with differential software, rather than an entire software module or package, over the air and without a dedicated client on an ECU. Further, solutions should not have a requirement of significant additional memory usage, or any downtime of the ECU itself. In addition, such solutions should not require reprogramming the memory of the ECU. Further, such solutions should allow for rolling back the software version on an ECU to a prior version without the need to download an entire software module, without reprogramming the memory (which can be expensive, time-consuming, and disruptive), and again without significant memory requirements or any downtime of the ECU.
There is also a need for technological solutions to generate data for abnormality detection that will not consume large amounts of data throughput to store or to transmit. Such techniques should provide lean execution performance to keep the main application on an ECU running, with all its resources it needs, and without additional required resources. It would further be advantageous to utilize a distributed vehicle architecture solution that sends only calls for action (e.g., based on anomaly detection through machine learning) to a control center or server for performing responsive actions.
Further, there is a need for technological solutions for the problems that arise based on dependencies between ECUs in vehicles. For example, when the software on one ECU is updated, it may cause the ECU to be unable to communicate with other ECUs in the vehicle. This may occur, for example, when the update to the ECU affects its network address, incoming or outgoing communications policies, format or payload of data communications, timing of communications, protocol of communications, or various other attributes of its functionality. It would be advantageous, therefore, to be able to manage the dependencies between ECUs so that software updates to ECUs can be coordinated and performed on all ECUs that may be impacted by an update.